@signalapp/libsignal-client 0.16.0 → 0.18.1

package/Native.d.ts

@@ -1,11 +1,14 @@
 //
-// Copyright 2020-2021 Signal Messenger, LLC.
+// Copyright 2020-2022 Signal Messenger, LLC.
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 
 // WARNING: this file was automatically generated
 
 type Uuid = Buffer;
+
+/// A Native.Timestamp may be measured in seconds or in milliseconds;
+/// what's important is that it's an integer less than Number.MAX_SAFE_INTEGER.
 type Timestamp = number;
 
 export abstract class IdentityKeyStore {
@@ -51,10 +54,18 @@ export function Aes256GcmSiv_Decrypt(aesGcmSiv: Wrapper<Aes256GcmSiv>, ctext: Bu
 export function Aes256GcmSiv_Encrypt(aesGcmSivObj: Wrapper<Aes256GcmSiv>, ptext: Buffer, nonce: Buffer, associatedData: Buffer): Buffer;
 export function Aes256GcmSiv_New(key: Buffer): Aes256GcmSiv;
 export function AuthCredentialPresentation_CheckValidContents(presentationBytes: Buffer): void;
-export function AuthCredentialPresentation_GetRedemptionTime(presentationBytes: Buffer): number;
+export function AuthCredentialPresentation_GetPniCiphertext(presentationBytes: Buffer): Buffer;
+export function AuthCredentialPresentation_GetRedemptionTime(presentationBytes: Buffer): Timestamp;
 export function AuthCredentialPresentation_GetUuidCiphertext(presentationBytes: Buffer): Serialized<UuidCiphertext>;
 export function AuthCredentialResponse_CheckValidContents(buffer: Buffer): void;
+export function AuthCredentialWithPniResponse_CheckValidContents(buffer: Buffer): void;
+export function AuthCredentialWithPni_CheckValidContents(buffer: Buffer): void;
 export function AuthCredential_CheckValidContents(buffer: Buffer): void;
+export function Cds2ClientState_CompleteHandshake(cli: Wrapper<Cds2ClientState>, handshakeReceived: Buffer): void;
+export function Cds2ClientState_EstablishedRecv(cli: Wrapper<Cds2ClientState>, receivedCiphertext: Buffer): Buffer;
+export function Cds2ClientState_EstablishedSend(cli: Wrapper<Cds2ClientState>, plaintextToSend: Buffer): Buffer;
+export function Cds2ClientState_InitialRequest(obj: Wrapper<Cds2ClientState>): Buffer;
+export function Cds2ClientState_New(mrenclave: Buffer, caCert: Buffer, attestationMsg: Buffer, earliestValidTimestamp: Timestamp): Cds2ClientState;
 export function CiphertextMessage_FromPlaintextContent(m: Wrapper<PlaintextContent>): CiphertextMessage;
 export function CiphertextMessage_Serialize(obj: Wrapper<CiphertextMessage>): Buffer;
 export function CiphertextMessage_Type(msg: Wrapper<CiphertextMessage>): number;
@@ -65,6 +76,9 @@ export function DecryptionErrorMessage_GetDeviceId(obj: Wrapper<DecryptionErrorM
 export function DecryptionErrorMessage_GetRatchetKey(m: Wrapper<DecryptionErrorMessage>): PublicKey | null;
 export function DecryptionErrorMessage_GetTimestamp(obj: Wrapper<DecryptionErrorMessage>): Timestamp;
 export function DecryptionErrorMessage_Serialize(obj: Wrapper<DecryptionErrorMessage>): Buffer;
+export function ExpiringProfileKeyCredentialResponse_CheckValidContents(buffer: Buffer): void;
+export function ExpiringProfileKeyCredential_CheckValidContents(buffer: Buffer): void;
+export function ExpiringProfileKeyCredential_GetExpirationTime(credential: Serialized<ExpiringProfileKeyCredential>): Timestamp;
 export function Fingerprint_DisplayString(obj: Wrapper<Fingerprint>): string;
 export function Fingerprint_New(iterations: number, version: number, localIdentifier: Buffer, localKey: Wrapper<PublicKey>, remoteIdentifier: Buffer, remoteKey: Wrapper<PublicKey>): Fingerprint;
 export function Fingerprint_ScannableEncoding(obj: Wrapper<Fingerprint>): Buffer;
@@ -155,7 +169,7 @@ export function PublicKey_GetPublicKeyBytes(obj: Wrapper<PublicKey>): Buffer;
 export function PublicKey_Serialize(obj: Wrapper<PublicKey>): Buffer;
 export function PublicKey_Verify(key: Wrapper<PublicKey>, message: Buffer, signature: Buffer): boolean;
 export function ReceiptCredentialPresentation_CheckValidContents(buffer: Buffer): void;
-export function ReceiptCredentialPresentation_GetReceiptExpirationTime(presentation: Serialized<ReceiptCredentialPresentation>): Buffer;
+export function ReceiptCredentialPresentation_GetReceiptExpirationTime(presentation: Serialized<ReceiptCredentialPresentation>): Timestamp;
 export function ReceiptCredentialPresentation_GetReceiptLevel(presentation: Serialized<ReceiptCredentialPresentation>): Buffer;
 export function ReceiptCredentialPresentation_GetReceiptSerial(presentation: Serialized<ReceiptCredentialPresentation>): Buffer;
 export function ReceiptCredentialRequestContext_CheckValidContents(buffer: Buffer): void;
@@ -163,7 +177,7 @@ export function ReceiptCredentialRequestContext_GetRequest(requestContext: Seria
 export function ReceiptCredentialRequest_CheckValidContents(buffer: Buffer): void;
 export function ReceiptCredentialResponse_CheckValidContents(buffer: Buffer): void;
 export function ReceiptCredential_CheckValidContents(buffer: Buffer): void;
-export function ReceiptCredential_GetReceiptExpirationTime(receiptCredential: Serialized<ReceiptCredential>): Buffer;
+export function ReceiptCredential_GetReceiptExpirationTime(receiptCredential: Serialized<ReceiptCredential>): Timestamp;
 export function ReceiptCredential_GetReceiptLevel(receiptCredential: Serialized<ReceiptCredential>): Buffer;
 export function ScannableFingerprint_Compare(fprint1: Buffer, fprint2: Buffer): boolean;
 export function SealedSenderDecryptionResult_GetDeviceId(obj: Wrapper<SealedSenderDecryptionResult>): number;
@@ -215,6 +229,8 @@ export function ServerCertificate_GetSignature(obj: Wrapper<ServerCertificate>):
 export function ServerCertificate_New(keyId: number, serverKey: Wrapper<PublicKey>, trustRoot: Wrapper<PrivateKey>): ServerCertificate;
 export function ServerPublicParams_CheckValidContents(buffer: Buffer): void;
 export function ServerPublicParams_CreateAuthCredentialPresentationDeterministic(serverPublicParams: Serialized<ServerPublicParams>, randomness: Buffer, groupSecretParams: Serialized<GroupSecretParams>, authCredential: Serialized<AuthCredential>): Buffer;
+export function ServerPublicParams_CreateAuthCredentialWithPniPresentationDeterministic(serverPublicParams: Serialized<ServerPublicParams>, randomness: Buffer, groupSecretParams: Serialized<GroupSecretParams>, authCredential: Serialized<AuthCredentialWithPni>): Buffer;
+export function ServerPublicParams_CreateExpiringProfileKeyCredentialPresentationDeterministic(serverPublicParams: Serialized<ServerPublicParams>, randomness: Buffer, groupSecretParams: Serialized<GroupSecretParams>, profileKeyCredential: Serialized<ExpiringProfileKeyCredential>): Buffer;
 export function ServerPublicParams_CreatePniCredentialPresentationDeterministic(serverPublicParams: Serialized<ServerPublicParams>, randomness: Buffer, groupSecretParams: Serialized<GroupSecretParams>, pniCredential: Serialized<PniCredential>): Buffer;
 export function ServerPublicParams_CreatePniCredentialRequestContextDeterministic(serverPublicParams: Serialized<ServerPublicParams>, randomness: Buffer, aci: Uuid, pni: Uuid, profileKey: Serialized<ProfileKey>): Serialized<PniCredentialRequestContext>;
 export function ServerPublicParams_CreateProfileKeyCredentialPresentationDeterministic(serverPublicParams: Serialized<ServerPublicParams>, randomness: Buffer, groupSecretParams: Serialized<GroupSecretParams>, profileKeyCredential: Serialized<ProfileKeyCredential>): Buffer;
@@ -222,6 +238,8 @@ export function ServerPublicParams_CreateProfileKeyCredentialRequestContextDeter
 export function ServerPublicParams_CreateReceiptCredentialPresentationDeterministic(serverPublicParams: Serialized<ServerPublicParams>, randomness: Buffer, receiptCredential: Serialized<ReceiptCredential>): Serialized<ReceiptCredentialPresentation>;
 export function ServerPublicParams_CreateReceiptCredentialRequestContextDeterministic(serverPublicParams: Serialized<ServerPublicParams>, randomness: Buffer, receiptSerial: Buffer): Serialized<ReceiptCredentialRequestContext>;
 export function ServerPublicParams_ReceiveAuthCredential(params: Serialized<ServerPublicParams>, uuid: Uuid, redemptionTime: number, response: Serialized<AuthCredentialResponse>): Serialized<AuthCredential>;
+export function ServerPublicParams_ReceiveAuthCredentialWithPni(params: Serialized<ServerPublicParams>, aci: Uuid, pni: Uuid, redemptionTime: Timestamp, response: Serialized<AuthCredentialWithPniResponse>): Serialized<AuthCredentialWithPni>;
+export function ServerPublicParams_ReceiveExpiringProfileKeyCredential(serverPublicParams: Serialized<ServerPublicParams>, requestContext: Serialized<ProfileKeyCredentialRequestContext>, response: Serialized<ExpiringProfileKeyCredentialResponse>, currentTimeInSeconds: Timestamp): Serialized<ExpiringProfileKeyCredential>;
 export function ServerPublicParams_ReceivePniCredential(serverPublicParams: Serialized<ServerPublicParams>, requestContext: Serialized<PniCredentialRequestContext>, response: Serialized<PniCredentialResponse>): Serialized<PniCredential>;
 export function ServerPublicParams_ReceiveProfileKeyCredential(serverPublicParams: Serialized<ServerPublicParams>, requestContext: Serialized<ProfileKeyCredentialRequestContext>, response: Serialized<ProfileKeyCredentialResponse>): Serialized<ProfileKeyCredential>;
 export function ServerPublicParams_ReceiveReceiptCredential(serverPublicParams: Serialized<ServerPublicParams>, requestContext: Serialized<ReceiptCredentialRequestContext>, response: Serialized<ReceiptCredentialResponse>): Serialized<ReceiptCredential>;
@@ -230,13 +248,15 @@ export function ServerSecretParams_CheckValidContents(buffer: Buffer): void;
 export function ServerSecretParams_GenerateDeterministic(randomness: Buffer): Serialized<ServerSecretParams>;
 export function ServerSecretParams_GetPublicParams(params: Serialized<ServerSecretParams>): Serialized<ServerPublicParams>;
 export function ServerSecretParams_IssueAuthCredentialDeterministic(serverSecretParams: Serialized<ServerSecretParams>, randomness: Buffer, uuid: Uuid, redemptionTime: number): Serialized<AuthCredentialResponse>;
+export function ServerSecretParams_IssueAuthCredentialWithPniDeterministic(serverSecretParams: Serialized<ServerSecretParams>, randomness: Buffer, aci: Uuid, pni: Uuid, redemptionTime: Timestamp): Serialized<AuthCredentialWithPniResponse>;
+export function ServerSecretParams_IssueExpiringProfileKeyCredentialDeterministic(serverSecretParams: Serialized<ServerSecretParams>, randomness: Buffer, request: Serialized<ProfileKeyCredentialRequest>, uuid: Uuid, commitment: Serialized<ProfileKeyCommitment>, expirationInSeconds: Timestamp): Serialized<ExpiringProfileKeyCredentialResponse>;
 export function ServerSecretParams_IssuePniCredentialDeterministic(serverSecretParams: Serialized<ServerSecretParams>, randomness: Buffer, request: Serialized<ProfileKeyCredentialRequest>, aci: Uuid, pni: Uuid, commitment: Serialized<ProfileKeyCommitment>): Serialized<PniCredentialResponse>;
 export function ServerSecretParams_IssueProfileKeyCredentialDeterministic(serverSecretParams: Serialized<ServerSecretParams>, randomness: Buffer, request: Serialized<ProfileKeyCredentialRequest>, uuid: Uuid, commitment: Serialized<ProfileKeyCommitment>): Serialized<ProfileKeyCredentialResponse>;
-export function ServerSecretParams_IssueReceiptCredentialDeterministic(serverSecretParams: Serialized<ServerSecretParams>, randomness: Buffer, request: Serialized<ReceiptCredentialRequest>, receiptExpirationTime: Buffer, receiptLevel: Buffer): Serialized<ReceiptCredentialResponse>;
+export function ServerSecretParams_IssueReceiptCredentialDeterministic(serverSecretParams: Serialized<ServerSecretParams>, randomness: Buffer, request: Serialized<ReceiptCredentialRequest>, receiptExpirationTime: Timestamp, receiptLevel: Buffer): Serialized<ReceiptCredentialResponse>;
 export function ServerSecretParams_SignDeterministic(params: Serialized<ServerSecretParams>, randomness: Buffer, message: Buffer): Buffer;
 export function ServerSecretParams_VerifyAuthCredentialPresentation(serverSecretParams: Serialized<ServerSecretParams>, groupPublicParams: Serialized<GroupPublicParams>, presentationBytes: Buffer): void;
 export function ServerSecretParams_VerifyPniCredentialPresentation(serverSecretParams: Serialized<ServerSecretParams>, groupPublicParams: Serialized<GroupPublicParams>, presentationBytes: Buffer): void;
-export function ServerSecretParams_VerifyProfileKeyCredentialPresentation(serverSecretParams: Serialized<ServerSecretParams>, groupPublicParams: Serialized<GroupPublicParams>, presentationBytes: Buffer): void;
+export function ServerSecretParams_VerifyProfileKeyCredentialPresentation(serverSecretParams: Serialized<ServerSecretParams>, groupPublicParams: Serialized<GroupPublicParams>, presentationBytes: Buffer, currentTimeInSeconds: Timestamp): void;
 export function ServerSecretParams_VerifyReceiptCredentialPresentation(serverSecretParams: Serialized<ServerSecretParams>, presentation: Serialized<ReceiptCredentialPresentation>): void;
 export function SessionBuilder_ProcessPreKeyBundle(bundle: Wrapper<PreKeyBundle>, protocolAddress: Wrapper<ProtocolAddress>, sessionStore: SessionStore, identityKeyStore: IdentityKeyStore, ctx: null): Promise<void>;
 export function SessionCipher_DecryptPreKeySignalMessage(message: Wrapper<PreKeySignalMessage>, protocolAddress: Wrapper<ProtocolAddress>, sessionStore: SessionStore, identityKeyStore: IdentityKeyStore, prekeyStore: PreKeyStore, signedPrekeyStore: SignedPreKeyStore, ctx: null): Promise<Buffer>;
@@ -248,9 +268,7 @@ export function SessionRecord_Deserialize(data: Buffer): SessionRecord;
 export function SessionRecord_GetLocalRegistrationId(obj: Wrapper<SessionRecord>): number;
 export function SessionRecord_GetRemoteRegistrationId(obj: Wrapper<SessionRecord>): number;
 export function SessionRecord_HasCurrentState(obj: Wrapper<SessionRecord>): boolean;
-export function SessionRecord_NeedsPniSignature(obj: Wrapper<SessionRecord>): boolean;
 export function SessionRecord_Serialize(obj: Wrapper<SessionRecord>): Buffer;
-export function SessionRecord_SetNeedsPniSignature(s: Wrapper<SessionRecord>, needsPniSignature: boolean): void;
 export function SignalMessage_Deserialize(data: Buffer): SignalMessage;
 export function SignalMessage_GetBody(obj: Wrapper<SignalMessage>): Buffer;
 export function SignalMessage_GetCounter(obj: Wrapper<SignalMessage>): number;
@@ -279,8 +297,13 @@ export function initLogger(maxLevel: LogLevel, callback: (level: LogLevel, targe
 interface Aes256GcmSiv { readonly __type: unique symbol; }
 interface AuthCredential { readonly __type: unique symbol; }
 interface AuthCredentialResponse { readonly __type: unique symbol; }
+interface AuthCredentialWithPni { readonly __type: unique symbol; }
+interface AuthCredentialWithPniResponse { readonly __type: unique symbol; }
+interface Cds2ClientState { readonly __type: unique symbol; }
 interface CiphertextMessage { readonly __type: unique symbol; }
 interface DecryptionErrorMessage { readonly __type: unique symbol; }
+interface ExpiringProfileKeyCredential { readonly __type: unique symbol; }
+interface ExpiringProfileKeyCredentialResponse { readonly __type: unique symbol; }
 interface Fingerprint { readonly __type: unique symbol; }
 interface GroupMasterKey { readonly __type: unique symbol; }
 interface GroupPublicParams { readonly __type: unique symbol; }

package/dist/index.d.ts

@@ -153,19 +153,6 @@ export declare class SessionRecord {
     localRegistrationId(): number;
     remoteRegistrationId(): number;
     hasCurrentState(): boolean;
-    /**
-     * Returns true if this session was marked as needing a PNI signature and has not received a
-     * reply.
-     *
-     * Precondition: `this.hasCurrentState()`
-     */
-    needsPniSignature(): boolean;
-    /**
-     * Marks whether this session needs a PNI signature included in outgoing messages.
-     *
-     * Precondition: `this.hasCurrentState()`
-     */
-    setNeedsPniSignature(needsPniSignature: boolean): void;
     currentRatchetKeyMatches(key: PublicKey): boolean;
 }
 export declare class ServerCertificate {
@@ -334,6 +321,15 @@ export declare function sealedSenderMultiRecipientEncrypt(content: UnidentifiedS
 export declare function sealedSenderMultiRecipientMessageForSingleRecipient(message: Buffer): Buffer;
 export declare function sealedSenderDecryptMessage(message: Buffer, trustRoot: PublicKey, timestamp: number, localE164: string | null, localUuid: string, localDeviceId: number, sessionStore: SessionStore, identityStore: IdentityKeyStore, prekeyStore: PreKeyStore, signedPrekeyStore: SignedPreKeyStore): Promise<SealedSenderDecryptionResult>;
 export declare function sealedSenderDecryptToUsmc(message: Buffer, identityStore: IdentityKeyStore): Promise<UnidentifiedSenderMessageContent>;
+export declare class Cds2Client {
+    readonly _nativeHandle: Native.Cds2ClientState;
+    private constructor();
+    static new_NOT_FOR_PRODUCTION(mrenclave: Buffer, trustedCaCert: Buffer, attestationMsg: Buffer, earliestValidTimestamp: Date): Cds2Client;
+    initialRequest(): Buffer;
+    completeHandshake(buffer: Buffer): void;
+    establishedSend(buffer: Buffer): Buffer;
+    establishedRecv(buffer: Buffer): Buffer;
+}
 export declare class HsmEnclaveClient {
     readonly _nativeHandle: Native.HsmEnclaveClient;
     private constructor();

package/dist/index.js

@@ -5,7 +5,11 @@
 //
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
-    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
 }) : (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
     o[k2] = m[k];
@@ -23,7 +27,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.initLogger = exports.LogLevel = exports.HsmEnclaveClient = exports.sealedSenderDecryptToUsmc = exports.sealedSenderDecryptMessage = exports.sealedSenderMultiRecipientMessageForSingleRecipient = exports.sealedSenderMultiRecipientEncrypt = exports.sealedSenderEncrypt = exports.sealedSenderEncryptMessage = exports.signalDecryptPreKey = exports.signalDecrypt = exports.signalEncrypt = exports.processPreKeyBundle = exports.DecryptionErrorMessage = exports.PlaintextContent = exports.CiphertextMessage = exports.SealedSenderDecryptionResult = exports.groupDecrypt = exports.groupEncrypt = exports.SenderKeyStore = exports.SignedPreKeyStore = exports.PreKeyStore = exports.IdentityKeyStore = exports.SessionStore = exports.UnidentifiedSenderMessageContent = exports.SenderKeyMessage = exports.processSenderKeyDistributionMessage = exports.SenderKeyDistributionMessage = exports.SenderCertificate = exports.SenderKeyRecord = exports.ServerCertificate = exports.SessionRecord = exports.PreKeySignalMessage = exports.SignalMessage = exports.SignedPreKeyRecord = exports.PreKeyRecord = exports.PreKeyBundle = exports.IdentityKeyPair = exports.PrivateKey = exports.PublicKey = exports.Aes256GcmSiv = exports.Fingerprint = exports.DisplayableFingerprint = exports.ScannableFingerprint = exports.hkdf = exports.HKDF = exports.ContentHint = exports.Direction = exports.CiphertextMessageType = void 0;
+exports.initLogger = exports.LogLevel = exports.HsmEnclaveClient = exports.Cds2Client = exports.sealedSenderDecryptToUsmc = exports.sealedSenderDecryptMessage = exports.sealedSenderMultiRecipientMessageForSingleRecipient = exports.sealedSenderMultiRecipientEncrypt = exports.sealedSenderEncrypt = exports.sealedSenderEncryptMessage = exports.signalDecryptPreKey = exports.signalDecrypt = exports.signalEncrypt = exports.processPreKeyBundle = exports.DecryptionErrorMessage = exports.PlaintextContent = exports.CiphertextMessage = exports.SealedSenderDecryptionResult = exports.groupDecrypt = exports.groupEncrypt = exports.SenderKeyStore = exports.SignedPreKeyStore = exports.PreKeyStore = exports.IdentityKeyStore = exports.SessionStore = exports.UnidentifiedSenderMessageContent = exports.SenderKeyMessage = exports.processSenderKeyDistributionMessage = exports.SenderKeyDistributionMessage = exports.SenderCertificate = exports.SenderKeyRecord = exports.ServerCertificate = exports.SessionRecord = exports.PreKeySignalMessage = exports.SignalMessage = exports.SignedPreKeyRecord = exports.PreKeyRecord = exports.PreKeyBundle = exports.IdentityKeyPair = exports.PrivateKey = exports.PublicKey = exports.Aes256GcmSiv = exports.Fingerprint = exports.DisplayableFingerprint = exports.ScannableFingerprint = exports.hkdf = exports.HKDF = exports.ContentHint = exports.Direction = exports.CiphertextMessageType = void 0;
 const uuid = require("uuid");
 const Errors = require("./Errors");
 __exportStar(require("./Errors"), exports);
@@ -379,23 +383,6 @@ class SessionRecord {
     hasCurrentState() {
         return Native.SessionRecord_HasCurrentState(this);
     }
-    /**
-     * Returns true if this session was marked as needing a PNI signature and has not received a
-     * reply.
-     *
-     * Precondition: `this.hasCurrentState()`
-     */
-    needsPniSignature() {
-        return Native.SessionRecord_NeedsPniSignature(this);
-    }
-    /**
-     * Marks whether this session needs a PNI signature included in outgoing messages.
-     *
-     * Precondition: `this.hasCurrentState()`
-     */
-    setNeedsPniSignature(needsPniSignature) {
-        Native.SessionRecord_SetNeedsPniSignature(this, needsPniSignature);
-    }
     currentRatchetKeyMatches(key) {
         return Native.SessionRecord_CurrentRatchetKeyMatches(this, key);
     }
@@ -864,6 +851,27 @@ function sealedSenderDecryptToUsmc(message, identityStore) {
     });
 }
 exports.sealedSenderDecryptToUsmc = sealedSenderDecryptToUsmc;
+class Cds2Client {
+    constructor(nativeHandle) {
+        this._nativeHandle = nativeHandle;
+    }
+    static new_NOT_FOR_PRODUCTION(mrenclave, trustedCaCert, attestationMsg, earliestValidTimestamp) {
+        return new Cds2Client(Native.Cds2ClientState_New(mrenclave, trustedCaCert, attestationMsg, earliestValidTimestamp.getTime()));
+    }
+    initialRequest() {
+        return Native.Cds2ClientState_InitialRequest(this);
+    }
+    completeHandshake(buffer) {
+        return Native.Cds2ClientState_CompleteHandshake(this, buffer);
+    }
+    establishedSend(buffer) {
+        return Native.Cds2ClientState_EstablishedSend(this, buffer);
+    }
+    establishedRecv(buffer) {
+        return Native.Cds2ClientState_EstablishedRecv(this, buffer);
+    }
+}
+exports.Cds2Client = Cds2Client;
 class HsmEnclaveClient {
     constructor(nativeHandle) {
         this._nativeHandle = nativeHandle;

package/dist/zkgroup/NotarySignature.d.ts

@@ -1,6 +1,7 @@
 /// <reference types="node" />
 import ByteArray from './internal/ByteArray';
 export default class NotarySignature extends ByteArray {
+    private readonly __type?;
     static SIZE: number;
     constructor(contents: Buffer);
 }

package/dist/zkgroup/ServerPublicParams.d.ts

@@ -2,6 +2,7 @@
 import ByteArray from './internal/ByteArray';
 import NotarySignature from './NotarySignature';
 export default class ServerPublicParams extends ByteArray {
+    private readonly __type?;
     constructor(contents: Buffer);
     verifySignature(message: Buffer, notarySignature: NotarySignature): void;
 }

package/dist/zkgroup/ServerSecretParams.d.ts

@@ -3,6 +3,7 @@ import ByteArray from './internal/ByteArray';
 import ServerPublicParams from './ServerPublicParams';
 import NotarySignature from './NotarySignature';
 export default class ServerSecretParams extends ByteArray {
+    private readonly __type?;
     static generate(): ServerSecretParams;
     static generateWithRandom(random: Buffer): ServerSecretParams;
     constructor(contents: Buffer);

package/dist/zkgroup/ServerSecretParams.js

@@ -11,6 +11,9 @@ const Constants_1 = require("./internal/Constants");
 const ServerPublicParams_1 = require("./ServerPublicParams");
 const NotarySignature_1 = require("./NotarySignature");
 class ServerSecretParams extends ByteArray_1.default {
+    constructor(contents) {
+        super(contents, Native.ServerSecretParams_CheckValidContents);
+    }
     static generate() {
         const random = (0, crypto_1.randomBytes)(Constants_1.RANDOM_LENGTH);
         return ServerSecretParams.generateWithRandom(random);
@@ -18,9 +21,6 @@ class ServerSecretParams extends ByteArray_1.default {
     static generateWithRandom(random) {
         return new ServerSecretParams(Native.ServerSecretParams_GenerateDeterministic(random));
     }
-    constructor(contents) {
-        super(contents, Native.ServerSecretParams_CheckValidContents);
-    }
     getPublicParams() {
         return new ServerPublicParams_1.default(Native.ServerSecretParams_GetPublicParams(this.contents));
     }

package/dist/zkgroup/auth/AuthCredential.d.ts

@@ -1,5 +1,6 @@
 /// <reference types="node" />
 import ByteArray from '../internal/ByteArray';
 export default class AuthCredential extends ByteArray {
+    private readonly __type?;
     constructor(contents: Buffer);
 }

package/dist/zkgroup/auth/AuthCredentialPresentation.d.ts

@@ -2,7 +2,9 @@
 import ByteArray from '../internal/ByteArray';
 import UuidCiphertext from '../groups/UuidCiphertext';
 export default class AuthCredentialPresentation extends ByteArray {
+    private readonly __type?;
     constructor(contents: Buffer);
     getUuidCiphertext(): UuidCiphertext;
-    getRedemptionTime(): number;
+    getPniCiphertext(): UuidCiphertext | null;
+    getRedemptionTime(): Date;
 }

package/dist/zkgroup/auth/AuthCredentialPresentation.js

@@ -1,6 +1,6 @@
 "use strict";
 //
-// Copyright 2020-2021 Signal Messenger, LLC.
+// Copyright 2020-2022 Signal Messenger, LLC.
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 Object.defineProperty(exports, "__esModule", { value: true });
@@ -14,8 +14,15 @@ class AuthCredentialPresentation extends ByteArray_1.default {
     getUuidCiphertext() {
         return new UuidCiphertext_1.default(Native.AuthCredentialPresentation_GetUuidCiphertext(this.contents));
     }
+    getPniCiphertext() {
+        const ciphertextBytes = Native.AuthCredentialPresentation_GetPniCiphertext(this.contents);
+        if (ciphertextBytes === null) {
+            return null;
+        }
+        return new UuidCiphertext_1.default(ciphertextBytes);
+    }
     getRedemptionTime() {
-        return Native.AuthCredentialPresentation_GetRedemptionTime(this.contents);
+        return new Date(1000 * Native.AuthCredentialPresentation_GetRedemptionTime(this.contents));
     }
 }
 exports.default = AuthCredentialPresentation;

package/dist/zkgroup/auth/AuthCredentialResponse.d.ts

@@ -1,5 +1,6 @@
 /// <reference types="node" />
 import ByteArray from '../internal/ByteArray';
 export default class AuthCredentialResponse extends ByteArray {
+    private readonly __type?;
     constructor(contents: Buffer);
 }

package/dist/zkgroup/auth/AuthCredentialWithPni.d.ts

@@ -0,0 +1,6 @@
+/// <reference types="node" />
+import ByteArray from '../internal/ByteArray';
+export default class AuthCredentialWithPni extends ByteArray {
+    private readonly __type?;
+    constructor(contents: Buffer);
+}

package/dist/zkgroup/auth/AuthCredentialWithPni.js

@@ -0,0 +1,15 @@
+"use strict";
+//
+// Copyright 2022 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+Object.defineProperty(exports, "__esModule", { value: true });
+const ByteArray_1 = require("../internal/ByteArray");
+const Native = require("../../../Native");
+class AuthCredentialWithPni extends ByteArray_1.default {
+    constructor(contents) {
+        super(contents, Native.AuthCredentialWithPni_CheckValidContents);
+    }
+}
+exports.default = AuthCredentialWithPni;
+//# sourceMappingURL=AuthCredentialWithPni.js.map

package/dist/zkgroup/auth/AuthCredentialWithPniResponse.d.ts

@@ -0,0 +1,6 @@
+/// <reference types="node" />
+import ByteArray from '../internal/ByteArray';
+export default class AuthCredentialWithPniResponse extends ByteArray {
+    private readonly __type?;
+    constructor(contents: Buffer);
+}

package/dist/zkgroup/auth/AuthCredentialWithPniResponse.js

@@ -0,0 +1,15 @@
+"use strict";
+//
+// Copyright 2022 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+Object.defineProperty(exports, "__esModule", { value: true });
+const ByteArray_1 = require("../internal/ByteArray");
+const Native = require("../../../Native");
+class AuthCredentialWithPniResponse extends ByteArray_1.default {
+    constructor(contents) {
+        super(contents, Native.AuthCredentialWithPniResponse_CheckValidContents);
+    }
+}
+exports.default = AuthCredentialWithPniResponse;
+//# sourceMappingURL=AuthCredentialWithPniResponse.js.map

package/dist/zkgroup/auth/ClientZkAuthOperations.d.ts

@@ -3,12 +3,22 @@ import ServerPublicParams from '../ServerPublicParams';
 import AuthCredential from './AuthCredential';
 import AuthCredentialPresentation from './AuthCredentialPresentation';
 import AuthCredentialResponse from './AuthCredentialResponse';
+import AuthCredentialWithPni from './AuthCredentialWithPni';
+import AuthCredentialWithPniResponse from './AuthCredentialWithPniResponse';
 import GroupSecretParams from '../groups/GroupSecretParams';
 import { UUIDType } from '../internal/UUIDUtil';
 export default class ClientZkAuthOperations {
     serverPublicParams: ServerPublicParams;
     constructor(serverPublicParams: ServerPublicParams);
     receiveAuthCredential(uuid: UUIDType, redemptionTime: number, authCredentialResponse: AuthCredentialResponse): AuthCredential;
+    /**
+     * Produces the AuthCredentialWithPni from a server-generated AuthCredentialWithPniResponse.
+     *
+     * @param redemptionTime - This is provided by the server as an integer, and should be passed through directly.
+     */
+    receiveAuthCredentialWithPni(aci: UUIDType, pni: UUIDType, redemptionTime: number, authCredentialResponse: AuthCredentialWithPniResponse): AuthCredentialWithPni;
     createAuthCredentialPresentation(groupSecretParams: GroupSecretParams, authCredential: AuthCredential): AuthCredentialPresentation;
     createAuthCredentialPresentationWithRandom(random: Buffer, groupSecretParams: GroupSecretParams, authCredential: AuthCredential): AuthCredentialPresentation;
+    createAuthCredentialWithPniPresentation(groupSecretParams: GroupSecretParams, authCredential: AuthCredentialWithPni): AuthCredentialPresentation;
+    createAuthCredentialWithPniPresentationWithRandom(random: Buffer, groupSecretParams: GroupSecretParams, authCredential: AuthCredentialWithPni): AuthCredentialPresentation;
 }

package/dist/zkgroup/auth/ClientZkAuthOperations.js

@@ -1,6 +1,6 @@
 "use strict";
 //
-// Copyright 2020-2021 Signal Messenger, LLC.
+// Copyright 2020-2022 Signal Messenger, LLC.
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 Object.defineProperty(exports, "__esModule", { value: true });
@@ -9,6 +9,7 @@ const Native = require("../../../Native");
 const Constants_1 = require("../internal/Constants");
 const AuthCredential_1 = require("./AuthCredential");
 const AuthCredentialPresentation_1 = require("./AuthCredentialPresentation");
+const AuthCredentialWithPni_1 = require("./AuthCredentialWithPni");
 const UUIDUtil_1 = require("../internal/UUIDUtil");
 class ClientZkAuthOperations {
     constructor(serverPublicParams) {
@@ -17,6 +18,14 @@ class ClientZkAuthOperations {
     receiveAuthCredential(uuid, redemptionTime, authCredentialResponse) {
         return new AuthCredential_1.default(Native.ServerPublicParams_ReceiveAuthCredential(this.serverPublicParams.getContents(), (0, UUIDUtil_1.fromUUID)(uuid), redemptionTime, authCredentialResponse.getContents()));
     }
+    /**
+     * Produces the AuthCredentialWithPni from a server-generated AuthCredentialWithPniResponse.
+     *
+     * @param redemptionTime - This is provided by the server as an integer, and should be passed through directly.
+     */
+    receiveAuthCredentialWithPni(aci, pni, redemptionTime, authCredentialResponse) {
+        return new AuthCredentialWithPni_1.default(Native.ServerPublicParams_ReceiveAuthCredentialWithPni(this.serverPublicParams.getContents(), (0, UUIDUtil_1.fromUUID)(aci), (0, UUIDUtil_1.fromUUID)(pni), redemptionTime, authCredentialResponse.getContents()));
+    }
     createAuthCredentialPresentation(groupSecretParams, authCredential) {
         const random = (0, crypto_1.randomBytes)(Constants_1.RANDOM_LENGTH);
         return this.createAuthCredentialPresentationWithRandom(random, groupSecretParams, authCredential);
@@ -24,6 +33,13 @@ class ClientZkAuthOperations {
     createAuthCredentialPresentationWithRandom(random, groupSecretParams, authCredential) {
         return new AuthCredentialPresentation_1.default(Native.ServerPublicParams_CreateAuthCredentialPresentationDeterministic(this.serverPublicParams.getContents(), random, groupSecretParams.getContents(), authCredential.getContents()));
     }
+    createAuthCredentialWithPniPresentation(groupSecretParams, authCredential) {
+        const random = (0, crypto_1.randomBytes)(Constants_1.RANDOM_LENGTH);
+        return this.createAuthCredentialWithPniPresentationWithRandom(random, groupSecretParams, authCredential);
+    }
+    createAuthCredentialWithPniPresentationWithRandom(random, groupSecretParams, authCredential) {
+        return new AuthCredentialPresentation_1.default(Native.ServerPublicParams_CreateAuthCredentialWithPniPresentationDeterministic(this.serverPublicParams.getContents(), random, groupSecretParams.getContents(), authCredential.getContents()));
+    }
 }
 exports.default = ClientZkAuthOperations;
 //# sourceMappingURL=ClientZkAuthOperations.js.map

package/dist/zkgroup/auth/ServerZkAuthOperations.d.ts

@@ -2,6 +2,7 @@
 import ServerSecretParams from '../ServerSecretParams';
 import AuthCredentialResponse from './AuthCredentialResponse';
 import AuthCredentialPresentation from './AuthCredentialPresentation';
+import AuthCredentialWithPniResponse from './AuthCredentialWithPniResponse';
 import GroupPublicParams from '../groups/GroupPublicParams';
 import { UUIDType } from '../internal/UUIDUtil';
 export default class ServerZkAuthOperations {
@@ -9,5 +10,7 @@ export default class ServerZkAuthOperations {
     constructor(serverSecretParams: ServerSecretParams);
     issueAuthCredential(uuid: UUIDType, redemptionTime: number): AuthCredentialResponse;
     issueAuthCredentialWithRandom(random: Buffer, uuid: UUIDType, redemptionTime: number): AuthCredentialResponse;
+    issueAuthCredentialWithPni(aci: UUIDType, pni: UUIDType, redemptionTime: number): AuthCredentialWithPniResponse;
+    issueAuthCredentialWithPniWithRandom(random: Buffer, aci: UUIDType, pni: UUIDType, redemptionTime: number): AuthCredentialWithPniResponse;
     verifyAuthCredentialPresentation(groupPublicParams: GroupPublicParams, authCredentialPresentation: AuthCredentialPresentation): void;
 }

package/dist/zkgroup/auth/ServerZkAuthOperations.js

@@ -1,6 +1,6 @@
 "use strict";
 //
-// Copyright 2020-2021 Signal Messenger, LLC.
+// Copyright 2020-2022 Signal Messenger, LLC.
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 Object.defineProperty(exports, "__esModule", { value: true });
@@ -8,6 +8,7 @@ const crypto_1 = require("crypto");
 const Constants_1 = require("../internal/Constants");
 const Native = require("../../../Native");
 const AuthCredentialResponse_1 = require("./AuthCredentialResponse");
+const AuthCredentialWithPniResponse_1 = require("./AuthCredentialWithPniResponse");
 const UUIDUtil_1 = require("../internal/UUIDUtil");
 class ServerZkAuthOperations {
     constructor(serverSecretParams) {
@@ -20,6 +21,13 @@ class ServerZkAuthOperations {
     issueAuthCredentialWithRandom(random, uuid, redemptionTime) {
         return new AuthCredentialResponse_1.default(Native.ServerSecretParams_IssueAuthCredentialDeterministic(this.serverSecretParams.getContents(), random, (0, UUIDUtil_1.fromUUID)(uuid), redemptionTime));
     }
+    issueAuthCredentialWithPni(aci, pni, redemptionTime) {
+        const random = (0, crypto_1.randomBytes)(Constants_1.RANDOM_LENGTH);
+        return this.issueAuthCredentialWithPniWithRandom(random, aci, pni, redemptionTime);
+    }
+    issueAuthCredentialWithPniWithRandom(random, aci, pni, redemptionTime) {
+        return new AuthCredentialWithPniResponse_1.default(Native.ServerSecretParams_IssueAuthCredentialWithPniDeterministic(this.serverSecretParams.getContents(), random, (0, UUIDUtil_1.fromUUID)(aci), (0, UUIDUtil_1.fromUUID)(pni), redemptionTime));
+    }
     verifyAuthCredentialPresentation(groupPublicParams, authCredentialPresentation) {
         Native.ServerSecretParams_VerifyAuthCredentialPresentation(this.serverSecretParams.getContents(), groupPublicParams.getContents(), authCredentialPresentation.getContents());
     }

package/dist/zkgroup/groups/GroupIdentifier.d.ts

@@ -1,6 +1,7 @@
 /// <reference types="node" />
 import ByteArray from '../internal/ByteArray';
 export default class GroupIdentifier extends ByteArray {
+    private readonly __type?;
     static SIZE: number;
     constructor(contents: Buffer);
 }

package/dist/zkgroup/groups/GroupMasterKey.d.ts

@@ -1,6 +1,7 @@
 /// <reference types="node" />
 import ByteArray from '../internal/ByteArray';
 export default class GroupMasterKey extends ByteArray {
+    private readonly __type?;
     static SIZE: number;
     constructor(contents: Buffer);
 }

package/dist/zkgroup/groups/GroupPublicParams.d.ts

@@ -2,6 +2,7 @@
 import ByteArray from '../internal/ByteArray';
 import GroupIdentifier from './GroupIdentifier';
 export default class GroupPublicParams extends ByteArray {
+    private readonly __type?;
     constructor(contents: Buffer);
     getGroupIdentifier(): GroupIdentifier;
 }

package/dist/zkgroup/groups/GroupSecretParams.d.ts

@@ -3,6 +3,7 @@ import ByteArray from '../internal/ByteArray';
 import GroupMasterKey from './GroupMasterKey';
 import GroupPublicParams from './GroupPublicParams';
 export default class GroupSecretParams extends ByteArray {
+    private readonly __type?;
     static generate(): GroupSecretParams;
     static generateWithRandom(random: Buffer): GroupSecretParams;
     static deriveFromMasterKey(groupMasterKey: GroupMasterKey): GroupSecretParams;

package/dist/zkgroup/groups/GroupSecretParams.js

@@ -11,6 +11,9 @@ const Constants_1 = require("../internal/Constants");
 const GroupMasterKey_1 = require("./GroupMasterKey");
 const GroupPublicParams_1 = require("./GroupPublicParams");
 class GroupSecretParams extends ByteArray_1.default {
+    constructor(contents) {
+        super(contents, Native.GroupSecretParams_CheckValidContents);
+    }
     static generate() {
         const random = (0, crypto_1.randomBytes)(Constants_1.RANDOM_LENGTH);
         return GroupSecretParams.generateWithRandom(random);
@@ -21,9 +24,6 @@ class GroupSecretParams extends ByteArray_1.default {
     static deriveFromMasterKey(groupMasterKey) {
         return new GroupSecretParams(Native.GroupSecretParams_DeriveFromMasterKey(groupMasterKey.getContents()));
     }
-    constructor(contents) {
-        super(contents, Native.GroupSecretParams_CheckValidContents);
-    }
     getMasterKey() {
         return new GroupMasterKey_1.default(Native.GroupSecretParams_GetMasterKey(this.contents));
     }

package/dist/zkgroup/groups/ProfileKeyCiphertext.d.ts

@@ -1,5 +1,6 @@
 /// <reference types="node" />
 import ByteArray from '../internal/ByteArray';
 export default class ProfileKeyCiphertext extends ByteArray {
+    private readonly __type?;
     constructor(contents: Buffer);
 }

package/dist/zkgroup/groups/UuidCiphertext.d.ts

@@ -1,5 +1,6 @@
 /// <reference types="node" />
 import ByteArray from '../internal/ByteArray';
 export default class UuidCiphertext extends ByteArray {
+    private readonly __type?;
     constructor(contents: Buffer);
 }

package/dist/zkgroup/index.d.ts

@@ -6,6 +6,8 @@ export { default as ServerZkAuthOperations } from './auth/ServerZkAuthOperations
 export { default as AuthCredential } from './auth/AuthCredential';
 export { default as AuthCredentialResponse } from './auth/AuthCredentialResponse';
 export { default as AuthCredentialPresentation } from './auth/AuthCredentialPresentation';
+export { default as AuthCredentialWithPni } from './auth/AuthCredentialWithPni';
+export { default as AuthCredentialWithPniResponse } from './auth/AuthCredentialWithPniResponse';
 export { default as ClientZkGroupCipher } from './groups/ClientZkGroupCipher';
 export { default as GroupIdentifier } from './groups/GroupIdentifier';
 export { default as GroupMasterKey } from './groups/GroupMasterKey';
@@ -23,6 +25,8 @@ export { default as ProfileKeyCredentialRequest } from './profiles/ProfileKeyCre
 export { default as ProfileKeyCredentialRequestContext } from './profiles/ProfileKeyCredentialRequestContext';
 export { default as ProfileKeyCredentialResponse } from './profiles/ProfileKeyCredentialResponse';
 export { default as ProfileKeyVersion } from './profiles/ProfileKeyVersion';
+export { default as ExpiringProfileKeyCredential } from './profiles/ExpiringProfileKeyCredential';
+export { default as ExpiringProfileKeyCredentialResponse } from './profiles/ExpiringProfileKeyCredentialResponse';
 export { default as PniCredential } from './profiles/PniCredential';
 export { default as PniCredentialPresentation } from './profiles/PniCredentialPresentation';
 export { default as PniCredentialRequestContext } from './profiles/PniCredentialRequestContext';